Security Advisory

CVE-2026-33002

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-03-18 15:15:25

Last updated 2026-03-19 14:45:46

Assigner jenkins

State PUBLISHED

Description

Jenkins 2.442 through 2.554 (both inclusive), LTS 2.426.3 through LTS 2.541.2 (both inclusive) performs origin validation of requests made through the CLI WebSocket endpoint by computing the expected origin for comparison using the Host or X-Forwarded-Host HTTP request headers, making it vulnerable to DNS rebinding attacks that allow bypassing origin validation.

← Browse all CVEs View on cve.org ↗